Tagged Questions

Just to get an understanding of how indicators of compromise works. Take For example, in this article, the SMB tool. There is a MD5 hash for it. So is my firewalls or IDS supposed to be able to detect ...

Just for the test I did the following:
Downloaded a page from wikipedia via wget on remote server and named the file test.dat. Then I executed md5sum.
I download the file via http and check it back ...

Apparently, for the Android KeyChain an encrypted master key is stored along the MD5 hash of the unencrypted Key.
How secure is that?
MD5 is known to have collisions, but I guess we can assume with an ...

Is md5(sha1(pass)) more secure than md5(pass)?
For example in case of sqli when attacker cant get our hashing schema, brute force or dictionary attack would be much less efficient.
Am i right or is it ...

I am in the process of learning oclHashcat syntax. Currently, I am working on breaking a file of md5crypt strings with a dictionary file. The dictionary I am using is rockyou.txt from an installation ...

I'm using incremental mode (brute force) mode in John the Ripper to crack Linux MD5 passwords. I'm trying to calculate the time it will take to run through all combinations of 12 passwords (with 12 ...

I want to securely convey a PDF document containing sensitive information from my system to another system. The latter is operated by a different person, whom I trust. However, this person does not ...

I've read about rainbow tables (which I've confused with hash tables at first).
I understand that it uses a reduce function R(x) and by saving start value P(plaintext) and ending hashed value H I can ...

I work for a firm that has a marketplace on the web. We want to make a link with a token that stops an ad on the marketplace without the user being logged in.
Someone suggested that we make a token ...

As in md5(md5(md5(x)))...
I can remember coming across that in some piece of code. If the attacker can somehow reverse md5(md5(md5(x))) into md5(md5(x)) then he certainly can reverse md5(md5(x)) into ...

I have just realized, that my web application is sending unencrypted passwords from login form. It's just like that -- I've analysed, that string sent by user from login form is hashed with MD5 (which ...

Can anyone give me an idea? Assume the salt(s) is/are known.
For example, if I have a $k$-character long password that is hashed in MD5 versus bcrypt, is there a way to estimate how much more time it ...

I always hear that MD5 is too fast for effective password crypto because you can crack up to 6 characters very quickly (or is this number higher now)?
But what if the salt you use is really long and ...

I am looking for enhancements of SHA1 when its compared to MD5. But I am not talking about just heap sizes. I am talking about different enhancements than heap size.
Also, I think md5 is faster than ...

I'm going to preface this by saying I have absolutely no clue when it comes to cryptography, but I'm posting this question because I'm very interested and I have no doubt there are some smart people ...

If I have a salt of 16bytes and 16bytes of data, how fast can one find another 16bytes of data so that MD5(salt + data) == MD5(salt + other data)?
I don't expect an answer accurate to the nanosecond, ...

I am new here, and have poked around the site looking for an overview of which hash algorithm to use on the web and why.
It seems to be the consensus that SHA-256 or other SHA-2 family algorithms are ...

How can I create a password, which when directly hashed (without any salt) with md5 will return a string containing the 8 characters "SALT ME!". The hope is that a naive developer browsing through his ...

I have moved this question from stackoverflow to this place. I know it may be a question about 'opinion' but I am not looking for a private opinion but a source of the final decision to keep it this ...

A file is encrypted and placed on a secure FTP server. An MD5 hash is taken of the file and also placed on the FTP server. A userlogs in to the server and downloads both files, however, the hash fails ...

A professor told us today, that MD5 is weak. I understand his chain of thought but pointed out, that IMHO MD5 is a good way to go if you would use a long (even really long) dynamic salts and static ...

I'm reading a lot about implementing security constraints to a REST API.
There are a lot of methods, some better than others for 3party applications or to consume my own API.
HTTP Basic + TLS (with ...

Just had a vendor tell me that because their PCI auditors did not recommend banning the use of unsalted MD5 to store sensitive data at this time with with their current level of PCI compliance that ...